CA/Browser Forum posts
Posts by tag Server Certificates
Ballot SC095v3: Clean-up 2025
February 27, 2026 by Wayne ThayerVoting Results Certificate Issuers 24 votes in total:
February 27, 2026 by Wayne ThayerVoting Results Certificate Issuers 24 votes in total:
2026-02-12 Minutes of the Server Certificate Working Group
February 12, 2026 by Wayne ThayerMinutes: Notes by: Janet Hines (VikingCloud) Begin Recording - Roll Call Read note-well Note-well was read by Dimitris
February 12, 2026 by Wayne ThayerMinutes: Notes by: Janet Hines (VikingCloud) Begin Recording - Roll Call Read note-well Note-well was read by Dimitris
2026-01-29 Minutes of the Server Certificate Working Group
January 29, 2026 by Wayne ThayerMinutes: Minutes by Jos Purvis (Fastly) I. Meeting Logistics Dimitris read the note-well. No changes were requested for the agenda. The minutes from the 15 January meeting were approved without changes. II. Membership Applications The membership application of Santosh Pandit as an individual interested party was reviewed and approved without objection. III. Ballots The cleanup ballot currently in its discussion period was reviewed. Kateryna Aleksieieva (Certum) indicated there were no updates on the ballot status, but they hoped to have it completed in January. There are 3 ballots currently in IPR: SC 94, 96, and 97. Ballots 94 and 96 will end their IPR periods on the same day; Dimitris asked the group for guidance on how to treat the release of red-lines and final guidelines for each ballot — whether to release separate versions of the BRs or a single version comparing the two. Corey Bonnell (Digicert) pointed out that this happened a few years ago in the Code-Signing working group and they elected to release each ballot separately, meaning the first ballot had an effective period of about fifteen minutes before the second ballot also took effect. Dimitris pointed out that the table for effective dates doesn’t include timestamps, just dates, so he was thinking of applying a similar approach but separated by a day. The group indicated that would be fine but there was no particular concern with doing separate releases but having both ballots’ effective dates be the same day. Dimitris listed 5 ballots currently under consideration. Corey indicated he had made some changes around dates in SC87 (registration number improvement for EV certificates), updated the PR, and verified the new copy with the current endorsers. Once the endorsers have indicated consent to the changes, he’ll be proceeding with moving this into discussion and formal balloting in the next few weeks. Aaron Gable (ISRG) offered an update on the ballot for cleanups to ADNC names. The significant topic the Validation Subcommittee discussed was the difference between re-using a validation for the applied-for FQDN (which is what the BRs discuss today) versus re-using a validation for the actually-validated ADN (which is what the new version of the BRs included). Aaron and Jacob are preparing an email to update the community on the changes and updates the ballot proposes and hopes to have that out prior to the next Validation Subcommittee meeting. Martijn Katerbarg (Sectigo) is leading the ballot improving CPRs and clarifying revocation: there were no updates on that ballot’s progress. Clint Wilson (Apple) is leading the ballot now numbered SC93. Clint said there’s an excellent comment on the ballot pull request from GTS outlining their thoughts and concerns around the ballot. Clint asked the community for further discussion on whether the ballot offered sufficient value in comparison to cost to advance or should be approached via a different route. Finally, Dimitris reviewed the ballot for an updated timeline for errors affecting CP/CPS deviations. He indicated he had reached out to a few members to get feedback and discussion around the ballot but had not received much back, and would likely add this to discussion at the upcoming face-to-face meeting. IV. Discussion Items — Current Business Ballot Number Allocations Dimitris articulated the concerns around ballot numbering, which currently follows an informal process to allocate ballot numbers. At the moment, the process indicates a ballot number should be assigned once a ballot has achieved some consensus and attached two endorsers; he noted, however, that it’s much easier to have discussions around proposed ballots with a number attached to them for clarity of reference. He also indicated concerns with the currently pending ballot SC93, which has adopted that number from this process, but then leaves a gap in ballot numbers that might need to be accounted for in some way. Aaron concurred that it was easier to refer to a ballot if there were a number assigned; Jos pointed out that in the past this had resulted in numbering gaps that then generated questions later about what happened to those numbers that were skipped. Jos proposed a different solution in which we used SC- in order to create a convenient “handle” for the ballot that didn’t interfere with numbering. Ben Wilson (Mozilla) felt we should keep the current system as it is, and said if a ballot were abandoned once it reached the discussion stage it was relatively easy to note that in the historical record; he also pointed out that a ballot doesn’t need to be in its final form for someone to endorse it. Aaron suggested using the pull-request number for naming draft ballots. Tim Callan (Sectigo) pointed out that if we took the approach of encouraging “early endorsers” we might see people voting no on a ballot they endorsed initially because of the changes since they endorsed it; the group felt it was important in that case to emphasize there was no stigma attached to withdrawing endorsement of a ballot or voting no on a ballot previously endorsed. Dimitris summarized the discussion and encouraged further discussion around this on future calls. The next topic was volunteers around minute-taking. Dimitris explained the rotation system currently in use for minute-takers, and asked that people reach out to him to be added to or removed from the list of minute-takers. V. New Business There were no new-business items from the group. Dimitris adjourned the meeting, noting the next meeting would be 12 February.
January 29, 2026 by Wayne ThayerMinutes: Minutes by Jos Purvis (Fastly) I. Meeting Logistics Dimitris read the note-well. No changes were requested for the agenda. The minutes from the 15 January meeting were approved without changes. II. Membership Applications The membership application of Santosh Pandit as an individual interested party was reviewed and approved without objection. III. Ballots The cleanup ballot currently in its discussion period was reviewed. Kateryna Aleksieieva (Certum) indicated there were no updates on the ballot status, but they hoped to have it completed in January. There are 3 ballots currently in IPR: SC 94, 96, and 97. Ballots 94 and 96 will end their IPR periods on the same day; Dimitris asked the group for guidance on how to treat the release of red-lines and final guidelines for each ballot — whether to release separate versions of the BRs or a single version comparing the two. Corey Bonnell (Digicert) pointed out that this happened a few years ago in the Code-Signing working group and they elected to release each ballot separately, meaning the first ballot had an effective period of about fifteen minutes before the second ballot also took effect. Dimitris pointed out that the table for effective dates doesn’t include timestamps, just dates, so he was thinking of applying a similar approach but separated by a day. The group indicated that would be fine but there was no particular concern with doing separate releases but having both ballots’ effective dates be the same day. Dimitris listed 5 ballots currently under consideration. Corey indicated he had made some changes around dates in SC87 (registration number improvement for EV certificates), updated the PR, and verified the new copy with the current endorsers. Once the endorsers have indicated consent to the changes, he’ll be proceeding with moving this into discussion and formal balloting in the next few weeks. Aaron Gable (ISRG) offered an update on the ballot for cleanups to ADNC names. The significant topic the Validation Subcommittee discussed was the difference between re-using a validation for the applied-for FQDN (which is what the BRs discuss today) versus re-using a validation for the actually-validated ADN (which is what the new version of the BRs included). Aaron and Jacob are preparing an email to update the community on the changes and updates the ballot proposes and hopes to have that out prior to the next Validation Subcommittee meeting. Martijn Katerbarg (Sectigo) is leading the ballot improving CPRs and clarifying revocation: there were no updates on that ballot’s progress. Clint Wilson (Apple) is leading the ballot now numbered SC93. Clint said there’s an excellent comment on the ballot pull request from GTS outlining their thoughts and concerns around the ballot. Clint asked the community for further discussion on whether the ballot offered sufficient value in comparison to cost to advance or should be approached via a different route. Finally, Dimitris reviewed the ballot for an updated timeline for errors affecting CP/CPS deviations. He indicated he had reached out to a few members to get feedback and discussion around the ballot but had not received much back, and would likely add this to discussion at the upcoming face-to-face meeting. IV. Discussion Items — Current Business Ballot Number Allocations Dimitris articulated the concerns around ballot numbering, which currently follows an informal process to allocate ballot numbers. At the moment, the process indicates a ballot number should be assigned once a ballot has achieved some consensus and attached two endorsers; he noted, however, that it’s much easier to have discussions around proposed ballots with a number attached to them for clarity of reference. He also indicated concerns with the currently pending ballot SC93, which has adopted that number from this process, but then leaves a gap in ballot numbers that might need to be accounted for in some way. Aaron concurred that it was easier to refer to a ballot if there were a number assigned; Jos pointed out that in the past this had resulted in numbering gaps that then generated questions later about what happened to those numbers that were skipped. Jos proposed a different solution in which we used SC- in order to create a convenient “handle” for the ballot that didn’t interfere with numbering. Ben Wilson (Mozilla) felt we should keep the current system as it is, and said if a ballot were abandoned once it reached the discussion stage it was relatively easy to note that in the historical record; he also pointed out that a ballot doesn’t need to be in its final form for someone to endorse it. Aaron suggested using the pull-request number for naming draft ballots. Tim Callan (Sectigo) pointed out that if we took the approach of encouraging “early endorsers” we might see people voting no on a ballot they endorsed initially because of the changes since they endorsed it; the group felt it was important in that case to emphasize there was no stigma attached to withdrawing endorsement of a ballot or voting no on a ballot previously endorsed. Dimitris summarized the discussion and encouraged further discussion around this on future calls. The next topic was volunteers around minute-taking. Dimitris explained the rotation system currently in use for minute-takers, and asked that people reach out to him to be added to or removed from the list of minute-takers. V. New Business There were no new-business items from the group. Dimitris adjourned the meeting, noting the next meeting would be 12 February.
Ballot SC097: Sunset all remaining use of SHA-1 signatures in Certificates and CRLs
January 24, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
January 24, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
2026-01-15 Minutes of the Forum
January 15, 2026 by Martijn KaterbargMinutes: Begin Recording - Roll Call Read note-well Note read by Dimitris in the SCWG call
January 15, 2026 by Martijn KaterbargMinutes: Begin Recording - Roll Call Read note-well Note read by Dimitris in the SCWG call
2026-01-15 Minutes of the Server Certificate Working Group
January 15, 2026 by Wayne ThayerMinutes: Begin Recording - Roll Call Recording started
January 15, 2026 by Wayne ThayerMinutes: Begin Recording - Roll Call Recording started
Ballot SC094v2: DNSSEC exception in email DCV methods
January 15, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
January 15, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
Ballot SC096: Carve-out for DNSSEC verification logging requirements
January 14, 2026 by Wayne ThayerVoting Results Certificate Issuers 27 votes in total:
January 14, 2026 by Wayne ThayerVoting Results Certificate Issuers 27 votes in total:
2025-12-18 Minutes of the Server Certificate Working Group
December 18, 2025 by Wayne ThayerMinutes: Opening: Dimitris Zacharopoulos (HARICA) welcomed attendees and waited for more participants to join. Roll call was taken from Webex. Dustin Hollenback (Apple) was confirmed as the minute taker. Dimitris Zacharopoulos (HARICA) confirmed the meeting was being recorded and the Notewell was read. Dimitris Zacharopoulos (HARICA) noted the agenda was short and asked for any additions or changes. None were proposed. Minutes Approval: Minutes from the previous teleconference (2025-12-04) had not been distributed. Dimitris Zacharopoulos (HARICA) will send a reminder to Eva to complete them for the next meeting. Membership Applications:
December 18, 2025 by Wayne ThayerMinutes: Opening: Dimitris Zacharopoulos (HARICA) welcomed attendees and waited for more participants to join. Roll call was taken from Webex. Dustin Hollenback (Apple) was confirmed as the minute taker. Dimitris Zacharopoulos (HARICA) confirmed the meeting was being recorded and the Notewell was read. Dimitris Zacharopoulos (HARICA) noted the agenda was short and asked for any additions or changes. None were proposed. Minutes Approval: Minutes from the previous teleconference (2025-12-04) had not been distributed. Dimitris Zacharopoulos (HARICA) will send a reminder to Eva to complete them for the next meeting. Membership Applications:
2025-12-04 Minutes of the Server Certificate Working Group
December 4, 2025 by Wayne Thayer1. Roll Call and Housekeeping Roll Call from Webex. Technical issues with membership tool is being worked on. Manual capturing attendance. Comment by Martijn Katerbarg (Sectigo) that it will be auto-run.
December 4, 2025 by Wayne Thayer1. Roll Call and Housekeeping Roll Call from Webex. Technical issues with membership tool is being worked on. Manual capturing attendance. Comment by Martijn Katerbarg (Sectigo) that it will be auto-run.